mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
kyverno/test/e2e/verifyimages/config.go
Pratik Shah caab013a86
Fixed issue-4530: Added separate attestor type for secrets and KMS (#4733)
Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Vyankatesh <vyankateshkd@gmail.com>
2022-10-14 09:40:46 +00:00


package verifyimages
import (
"github.com/kyverno/kyverno/test/e2e"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// taskGVR is the group/version/resource triple for Tekton Tasks
// (tekton.dev/v1beta1), the custom resource the image-extractor cases use.
var taskGVR = e2e.GetGVR("tekton.dev", "v1beta1", "tasks")

// podGVR is the group/version/resource triple for v1 Pods; the group
// argument is the empty string.
var podGVR = e2e.GetGVR("", "v1", "pods")
// VerifyImagesTests is the table of end-to-end cases for image verification
// policies. Each entry pairs one policy manifest with one resource manifest
// and records whether validation of that resource is expected to succeed.
//
// The manifests referenced below (the kyverno* policies, tektonTask*,
// secretPodResource*) are declared elsewhere in this package, so what each
// image or key actually contains cannot be confirmed from this file.
var VerifyImagesTests = []struct {
	// TestName is the name of the test case.
	TestName string
	// PolicyName is the name of the policy under test.
	PolicyName string
	// PolicyRaw is the YAML manifest of the ClusterPolicy.
	PolicyRaw []byte
	// ResourceName is the name of the resource that is submitted.
	ResourceName string
	// ResourceNamespace is the namespace of that resource.
	ResourceNamespace string
	// ResourceGVR is the group/version/resource of that resource.
	ResourceGVR schema.GroupVersionResource
	// ResourceRaw is the YAML manifest of the resource under test.
	ResourceRaw []byte
	// MustSucceed indicates whether validation must succeed. The false
	// entries are the negative controls: they show that the policy actually
	// rejects something rather than admitting every resource.
	MustSucceed bool
}{
	{
		// Custom image extraction, simple extractor. Expected to fail:
		// presumably the extractor finds the image in tektonTask and that
		// image does not pass verification. TODO confirm against the manifests.
		TestName:          "checks that custom images are populated with simple extractor",
		PolicyName:        "tasks-simple",
		PolicyRaw:         kyvernoTaskPolicyWithSimpleExtractor,
		ResourceName:      "example-task-name",
		ResourceNamespace: "test-verify-images",
		ResourceGVR:       taskGVR,
		ResourceRaw:       tektonTask,
		MustSucceed:       false,
	},
	{
		// Custom image extraction, complex extractor. Same resource and same
		// expected failure as the simple-extractor case above.
		TestName:          "checks that custom images are populated with complex extractor",
		PolicyName:        "tasks-complex",
		PolicyRaw:         kyvernoTaskPolicyWithComplexExtractor,
		ResourceName:      "example-task-name",
		ResourceNamespace: "test-verify-images",
		ResourceGVR:       taskGVR,
		ResourceRaw:       tektonTask,
		MustSucceed:       false,
	},
	{
		// Custom image extraction, no extractor configured. The same
		// tektonTask that fails in the two cases above is expected to
		// succeed here.
		// NOTE(review): this pins fail-open behaviour. The success appears to
		// mean no image was found to verify, not that an image was verified.
		// A policy on a custom resource without an extractor gives no
		// signature guarantee. Confirm this is the intended contract.
		TestName:          "checks that custom images are not populated",
		PolicyName:        "tasks-no-extractor",
		PolicyRaw:         kyvernoTaskPolicyWithoutExtractor,
		ResourceName:      "example-task-name",
		ResourceNamespace: "test-verify-images",
		ResourceGVR:       taskGVR,
		ResourceRaw:       tektonTaskVerified,
		MustSucceed:       true,
	},
	{
		// Custom image extraction with the "tasks-keyless" policy and
		// tektonTaskVerified. Expected to succeed.
		// NOTE(review): no negative case in this table pairs the keyless
		// policies with a resource that must be rejected. Consider adding one.
		TestName:          "checks that custom images are populated and verified",
		PolicyName:        "tasks-keyless",
		PolicyRaw:         kyvernoTaskPolicyKeyless,
		ResourceName:      "example-task-name",
		ResourceNamespace: "test-verify-images",
		ResourceGVR:       taskGVR,
		ResourceRaw:       tektonTaskVerified,
		MustSucceed:       true,
	},
	{
		// Custom image extraction with the "tasks-keyless-required" policy.
		// Per the test name, every image in the task is expected to verify.
		TestName:          "checks that custom images are populated and verified for all images",
		PolicyName:        "tasks-keyless-required",
		PolicyRaw:         kyvernoTaskPolicyKeylessRequired,
		ResourceName:      "example-task-name",
		ResourceNamespace: "test-verify-images",
		ResourceGVR:       taskGVR,
		ResourceRaw:       tektonTaskVerified,
		MustSucceed:       true,
	},
	{
		// Success case for a secret referenced in attestors.entries.keys.
		TestName:          "secret-in-keys-success",
		PolicyName:        "secret-in-keys",
		PolicyRaw:         kyvernoPolicyWithSecretInKeys,
		ResourceName:      "test-secret-pod",
		ResourceNamespace: "test-verify-images",
		ResourceGVR:       podGVR,
		ResourceRaw:       secretPodResourceSuccess,
		MustSucceed:       true,
	},
	{
		// Failure case for a secret referenced in attestors.entries.keys.
		// It uses the same policy as the success case; only the pod manifest
		// differs.
		// NOTE(review): both cases share the policy name, pod name and
		// namespace. That presumably relies on the runner deleting the
		// objects between cases. TODO confirm.
		TestName:          "secret-in-keys-failure",
		PolicyName:        "secret-in-keys",
		PolicyRaw:         kyvernoPolicyWithSecretInKeys,
		ResourceName:      "test-secret-pod",
		ResourceNamespace: "test-verify-images",
		ResourceGVR:       podGVR,
		ResourceRaw:       secretPodResourceFailed,
		MustSucceed:       false,
	},
}